Difference between revisions of "HoerupNet"

From HoerupWiki
Jump to: navigation, search
(Network diagram)
 
(38 intermediate revisions by the same user not shown)
Line 1: Line 1:
Description of my personal network
 
  
=Network diagram=
+
{{#tag:graphviz|
  
 
<graphviz border='frame' format='png' caption='Graph for example no. 1'>
 
 
graph network {
 
graph network {
hoerup [label="192.168.12.0/24"]
+
node [fontsize=12]
amstrup [192.168.2.0/24]
+
edge [fontsize = 12]
HSH [192.168.8.0/24]
 
hoerup_microtik [192.168.12.16]
 
  
hoerup -- amstrup
+
hoerup [label="hoerup \n192.168.12.0/24"]
hoerup -- HSH
+
hoerup_clients [label="hoerup clients \n192.168.20.0/24"]
amstrup -- HSH
+
amstrup [label="amstrup \n192.168.2.0/24"]
hoerup -- hoerup_microtik
+
HSH [label="HSH \n192.168.8.0/24"]
}
+
hoerup_microtik [label="hoerup/microtik\nlan=192.168.13.16\nsstp=dynamic" shape=box]
 +
hoerupit [label="hoerupit \n 192.168.23.0/24" ]
 +
it_microtik [label="it/microtik \n sstp=192.168.195.1\nlan=?" shape=box]
 +
it_mgmt [label="it/mgmt \n192.168.211.0/24"]
  
  
  
  
 +
hoerup -- amstrup [label="openvpn"]
 +
hoerup -- hoerup_clients [label="openvpn"]
 +
hoerup -- HSH [label="openvpn"]
 +
hoerup -- hoerupit [label="openvpn"]
  
</graphviz>
+
amstrup -- HSH [label="openvpn"]
 +
hoerup -- hoerup_microtik [label="lan/192.168.13 alias"]
 +
hoerup_microtik -- it_microtik [label="sstp (masqeraded srcnat)"]
 +
it_microtik -- it_mgmt [label="lan"]
  
=IP Address=
 
The network uses the RFC1918 private IP range 192.168.10.0/24
 
All hosts get network information from the DHCP server, but some hosts get a fixed address based on MAC address.
 
The dynamic range is 192.168.10.30-100.
 
  
=Host timon=
 
Timon is the gateway and firewall for the network.
 
  
Timon runs the following services
 
* Firewall
 
**Homebuild iptables script with source / destination nat and forward filtering
 
**DNAT
 
***http->rafiki
 
***smtp->rafiki
 
***openvpn->rafiki
 
***(mldonkey ports)->rafiki
 
***443->rafiki:22
 
***<strike>VNC->pumba</strike>
 
**outgoing traffic is SNAT'ed
 
*Traffic shaping
 
*Static route: route add -net 192.168.20.0/24 gw 192.168.10.5
 
*ISC DHCP Server
 
**Serves IP addresses as described above
 
*bind9 DNS server
 
**Caching DNS server, uses <strike>ISP DNS</strike> OpenDNS for lookups
 
**reverse lookup for 192.168.10.x and 192.168.20.x
 
**local override for t-hoerup.dk (primarily to bind www.t-hoerup.dk etc. to the internal webserver address)
 
*SSH server
 
**For remote admininistration (only available from internal network)
 
*TFTP
 
**Used For PXE installations.
 
*SNMP
 
*cron
 
**chkrootkit / rkhunter / ntpdate / logrotate / logwatch (logwatch recipient torben@t-hoerup.dk)
 
*nullmailer
 
**forwarding local-generated mail to rafiki
 
**/etc/mailname:timon.t-hoerup.dk
 
**/etc/nullmailer/remotes:rafiki.t-hoerup.dk
 
  
=Host Rafiki=
 
Rafiki is the server
 
  
(VPN access is regarded as internal network access)
 
  
Unless specified otherwise the daemons listens on all network interfaces.
 
  
Rafiki runs
 
*SSH server
 
* Apache webserver
 
** With mod_php5, mod_dav_svn, mod_python, mod_proxy
 
** Hosts all vhosts listed in http://status.t-hoerup.dk/vhosts.php
 
*** Hosts subversion repository
 
***Wiki
 
***Pastebin
 
***SQL webfrontends
 
***Is reverse proxy for those services that has their own http engine (such as mldonkey, and tomcat)
 
*MySQL
 
*PostgreSQL
 
*Mldonkey for file download
 
**bittorrent
 
**donkey
 
**overnet
 
**basic HTTP
 
*Squid http proxy
 
**port 3128
 
**Non caching
 
**available to internal network only
 
*Proftpd
 
**File transfer - Only available to internal network (from outside scp/sftp should be used)
 
*Postfix SMTP MTA
 
*Dovecot IMAPd
 
*OpenVPN
 
** TUN / UDP based
 
**Listens on port 1494
 
**Uses subnet 192.168.20.0/24 for tunnels
 
**Full access to 192.168.10.0/24 available via vpn
 
*Smokeping
 
*App server: Sun Glassfish 2.1
 
*smsdaemon
 
*MRTG
 
*webalizer
 
*cron
 
**chkrootkit / rkhunter / ntpdate / logrotate / logwatch (logwatch recipient torben@t-hoerup.dk)
 
**torben's crontab
 
***05  */3    *  *  *  /home/torben/bin/getmail-silent
 
***05  05    *  *  *  cp /var/spool/mail/torben /home/torben/Mail/inbox-backup
 
  
=Access Point=
+
}|format="png"}}
*SSID: hoerup
 
*Encryption: WPA2-PSK
 
*Channel: 6
 

Latest revision as of 21:19, 9 August 2018

This is a graph with borders and nodes that may contain hyperlinks.